Sign-up

ID

VAR-202012-0085


CVE

CVE-2020-10208


TITLE

Amino Communications command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-29990 // CNNVD: CNNVD-202012-1802

DESCRIPTION

Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. plural Amino Communications The product has OS There are command injection vulnerabilities and injection vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Amino Communications AK45x series is a series of TV set-top box equipment of British Amino company

Trust: 2.16

sources: NVD: CVE-2020-10208 // JVNDB: JVNDB-2020-015304 // CNVD: CNVD-2021-29990

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-29990

AFFECTED PRODUCTS

vendor:aminomodel:kami7bscope: - version: -

Trust: 1.4

vendor:aminomodel:ak5xxscope:eqversion: -

Trust: 1.0

vendor:aminomodel:kami7bscope:eqversion: -

Trust: 1.0

vendor:aminomodel:ak65xscope:eqversion: -

Trust: 1.0

vendor:aminomodel:ak45xscope:eqversion: -

Trust: 1.0

vendor:aminomodel:aria6xxscope:eqversion: -

Trust: 1.0

vendor:aminomodel:aria7xxscope:eqversion: -

Trust: 1.0

vendor:aminomodel:ak45xscope: - version: -

Trust: 0.8

vendor:aminomodel:aria6xxscope: - version: -

Trust: 0.8

vendor:aminomodel:ak5xxscope: - version: -

Trust: 0.8

vendor:aminomodel:ak65xscope: - version: -

Trust: 0.8

vendor:aminomodel:aria7xxscope: - version: -

Trust: 0.8

vendor:aminomodel:ak45x seriesscope: - version: -

Trust: 0.6

vendor:aminomodel:ak5xx seriesscope: - version: -

Trust: 0.6

vendor:aminomodel:ak65x seriesscope: - version: -

Trust: 0.6

vendor:aminomodel:aria6xx seriesscope: - version: -

Trust: 0.6

vendor:aminomodel:aria7/ak7xx seriesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-29990 // JVNDB: JVNDB-2020-015304 // NVD: CVE-2020-10208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10208
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-10208
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-29990
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202012-1802
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10208
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-29990
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10208
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-10208
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-29990 // JVNDB: JVNDB-2020-015304 // CNNVD: CNNVD-202012-1802 // NVD: CVE-2020-10208

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:injection (CWE-74) [NVD Evaluation ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015304 // NVD: CVE-2020-10208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1802

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-1802

PATCH

title:Top Pageurl:https://www.amino.tv/

Trust: 0.8

title:Patch for Amino Communications command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/260266

Trust: 0.6

title:Amino Communications Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138171

Trust: 0.6

sources: CNVD: CNVD-2021-29990 // JVNDB: JVNDB-2020-015304 // CNNVD: CNNVD-202012-1802

EXTERNAL IDS

db:NVDid:CVE-2020-10208

Trust: 3.0

db:JVNDBid:JVNDB-2020-015304

Trust: 0.8

db:CNVDid:CNVD-2021-29990

Trust: 0.6

db:CNNVDid:CNNVD-202012-1802

Trust: 0.6

sources: CNVD: CNVD-2021-29990 // JVNDB: JVNDB-2020-015304 // CNNVD: CNNVD-202012-1802 // NVD: CVE-2020-10208

REFERENCES

url:https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#9cf3

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10208

Trust: 0.8

url:https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4

Trust: 0.6

sources: CNVD: CNVD-2021-29990 // JVNDB: JVNDB-2020-015304 // CNNVD: CNNVD-202012-1802 // NVD: CVE-2020-10208

SOURCES

db:CNVDid:CNVD-2021-29990
db:JVNDBid:JVNDB-2020-015304
db:CNNVDid:CNNVD-202012-1802
db:NVDid:CVE-2020-10208

LAST UPDATE DATE

2024-11-23T21:51:08.275000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-29990date:2021-04-22T00:00:00
db:JVNDBid:JVNDB-2020-015304date:2021-09-16T07:56:00
db:CNNVDid:CNNVD-202012-1802date:2021-01-20T00:00:00
db:NVDid:CVE-2020-10208date:2024-11-21T04:54:58

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-29990date:2021-04-22T00:00:00
db:JVNDBid:JVNDB-2020-015304date:2021-09-16T00:00:00
db:CNNVDid:CNNVD-202012-1802date:2020-12-30T00:00:00
db:NVDid:CVE-2020-10208date:2020-12-30T00:15:12.597